Locks are a mechanism to stop certain activities on resources. RBAC provides rights to users/groups/application in a certain scope. There are out-of-the-box RBAC roles, such as owner, contributor, and reader. With the contributor role, it is possible to delete or modify a resource. How can such activities be prevented despite the user having a contributor role? Here enters Azure locks.
Azure locks can help in two ways:
- It can lock resources such that they cannot be deleted even if you have owner access
- It can lock resource in such a way that neither it can be deleted, nor its configuration is modifiable
This is typically very helpful for resources in the production environment where resources should not be modified or deleted accidentally.
Locks can be applied at subscription, resource group, and individual resource levels. Locks follow inheritance between subscription...